title
最近从大佬手里收来一台死海网络的美西GIA小鸡,一顿操作改ssh端口放高位端口防火墙,然后机器就连不上了
折腾几次后,getenforce查询selinux状态是Enforcing,于是setenforce 0关闭后又是一顿操作,结果1分钟后又失联了
然后我思考一二,再次重装(不得不说死海家重装挺快,1分钟不到),
systemctl status firewalld查看防火墙状态,虽然在运行,却发现:
网卡配置读取不到,权限不足:

ERROR: Failed to load '/etc/sysconfig/network-scripts/ifcfg-eth0': [Errno 13] Permission denied: '/etc/sysconfig/network-scripts/ifcfg-eth0'

ERROR: Calling post func <function 0x7fc8c0de7aa0="" at="" ifcfg_set_zone_of_interface="">(('', 'eth0')) failed: [Errno 13] Permission denied: '/etc/sysconfig/network-scripts/ifcfg-eth0'</function>

firewalld status.png
通过查询
ls -lZd /etc/sysconfig/network-scripts

ls -lZd /etc/sysconfig/network-scripts/ifcfg-eth0

发现网卡配置文件状态未标记: unlabeled_t
修复方法:

yum install policycoreutils-python
semanage fcontext -a -t net_conf_t /etc/sysconfig/network-scripts/ifcfg-eth0
restorecon -R /etc/sysconfig/network-scripts/ifcfg-eth0
systemctl restart firewalld.service

然后再次查询

ls -lZd /etc/sysconfig/network-scripts/ifcfg-eth0

发现已经标记好了

net_conf_t

systemctl status firewalld 查看防火墙状态也正常了
firewalld status new.png
这样我们又可以愉快地修改ssh端口,更新firewalld放行端口各种设置了

Last modification:April 28, 2021
If you think my article is useful to you, please feel free to appreciate